threatstack-agent-ruby 0.2.2 → 0.2.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/constants.rb +8 -1
- data/lib/control.rb +24 -20
- data/lib/instrumentation/common.rb +13 -0
- data/lib/instrumentation/instrumenter.rb +0 -1
- data/lib/jobs/event_submitter.rb +4 -1
- data/threatstack-agent-ruby.gemspec +5 -1
- metadata +5 -3
    
        checksums.yaml
    CHANGED
    
    | @@ -1,7 +1,7 @@ | |
| 1 1 | 
             
            ---
         | 
| 2 2 | 
             
            SHA256:
         | 
| 3 | 
            -
              metadata.gz:  | 
| 4 | 
            -
              data.tar.gz:  | 
| 3 | 
            +
              metadata.gz: a6e908b193838dd48d02f2499d455e3a32c1717d560c7b98a8be906deed42035
         | 
| 4 | 
            +
              data.tar.gz: 130ee1345687bb4e8c301fa99a5559e3db4c231778cc9c3b25210e4a29467f5d
         | 
| 5 5 | 
             
            SHA512:
         | 
| 6 | 
            -
              metadata.gz:  | 
| 7 | 
            -
              data.tar.gz:  | 
| 6 | 
            +
              metadata.gz: 428ac8a8aae453502e55f9c6011f47afff7cc7ade425fedc0da24059afc8c557501c21fbdbec46d1647b103c5c8c3bef484b916343871cfa97fcfc26a161fb75
         | 
| 7 | 
            +
              data.tar.gz: 14b3056242ee19715522aaf97e2386eeb54a5ce92c068d794c5bbd9460c496b7f64b4c22ce1af1e9bffb2d14c5f12fa304b0da1f25bfe2571c7b6402a5763836
         | 
    
        data/lib/constants.rb
    CHANGED
    
    | @@ -55,8 +55,12 @@ module Threatstack | |
| 55 55 | 
             
                DROP_FIELDS = self.env('DROP_FIELDS', false) ? self.env('DROP_FIELDS').split(',').each_with_object({}) do |val, h|
         | 
| 56 56 | 
             
                  h[val] = true
         | 
| 57 57 | 
             
                end : nil
         | 
| 58 | 
            +
                ## specifies which user fields should be omitted from event payloads
         | 
| 59 | 
            +
                FILTER_BY_PATH = self.env('FILTER_BY_PATH', false) ? self.env('FILTER_BY_PATH').split(',') : nil
         | 
| 58 60 | 
             
                ## string to use when redacting fields
         | 
| 59 61 | 
             
                REDACTED = self.env('REDACTED', '#REDACTED#')
         | 
| 62 | 
            +
                ## send up attack events only to the platform
         | 
| 63 | 
            +
                DETECT_ATTACKS_ONLY = self.is_truthy('DETECT_ATTACKS_ONLY')
         | 
| 60 64 |  | 
| 61 65 | 
             
                # EVENT SUBMITTER
         | 
| 62 66 | 
             
                ## event reporting frequency
         | 
| @@ -101,7 +105,7 @@ module Threatstack | |
| 101 105 | 
             
                                            SERVER_SOFTWARE]).freeze
         | 
| 102 106 |  | 
| 103 107 | 
             
                # Utils
         | 
| 104 | 
            -
                ROOT_DIR = self.app_root_dir
         | 
| 108 | 
            +
                ROOT_DIR = self.app_root_dir.nil? ? nil : self.app_root_dir.to_s
         | 
| 105 109 | 
             
              end
         | 
| 106 110 | 
             
            end
         | 
| 107 111 |  | 
| @@ -110,6 +114,8 @@ require_relative './utils/logger' | |
| 110 114 | 
             
            module Threatstack
         | 
| 111 115 | 
             
              module Constants
         | 
| 112 116 | 
             
                spec = Gem.loaded_specs['threatstack-agent-ruby']
         | 
| 117 | 
            +
                AGENT_VERSION = spec.nil? || !spec.respond_to?(:version) ? 'N/A' : spec.version.to_s
         | 
| 118 | 
            +
             | 
| 113 119 | 
             
                logger = Threatstack::Utils::TSLogger.create 'Constants'
         | 
| 114 120 | 
             
                logger.info """ Threatstack Ruby Agent Config
         | 
| 115 121 | 
             
                            VERSION: #{spec.nil? || !spec.respond_to?(:version) ? 'N/A' : spec.version}
         | 
| @@ -129,6 +135,7 @@ module Threatstack | |
| 129 135 | 
             
                         LOG COLORS: #{LOG_COLORS}
         | 
| 130 136 | 
             
                        MANUAL INIT: #{MANUAL_INIT}
         | 
| 131 137 | 
             
                      REDACTED TEXT: #{REDACTED}
         | 
| 138 | 
            +
                DETECT_ATTACKS_ONLY: #{DETECT_ATTACKS_ONLY}
         | 
| 132 139 | 
             
                           ROOT DIR: #{ROOT_DIR}"""
         | 
| 133 140 | 
             
              end
         | 
| 134 141 | 
             
            end
         | 
    
        data/lib/control.rb
    CHANGED
    
    | @@ -33,15 +33,17 @@ module Threatstack | |
| 33 33 | 
             
                  Threatstack::Instrumentation::Frameworks::TSRails.patch_action_controller
         | 
| 34 34 | 
             
                  logger.info 'Done instrumenting Rails'
         | 
| 35 35 |  | 
| 36 | 
            -
                   | 
| 37 | 
            -
             | 
| 38 | 
            -
             | 
| 39 | 
            -
             | 
| 36 | 
            +
                  if(!DETECT_ATTACKS_ONLY)     
         | 
| 37 | 
            +
                    ## patch Kernel methods
         | 
| 38 | 
            +
                    logger.info 'Instrumenting Kernel methods...'
         | 
| 39 | 
            +
                    Threatstack::Instrumentation::Frameworks::TSKernel.wrap_methods
         | 
| 40 | 
            +
                    logger.info 'Done instrumenting Kernel methods'
         | 
| 41 | 
            +
                  end
         | 
| 40 42 |  | 
| 41 43 | 
             
                  ## patch Kernel methods
         | 
| 42 | 
            -
                  logger.info 'Instrumenting Random methods...'
         | 
| 43 | 
            -
                  Threatstack::Instrumentation::Frameworks::TSRandom.wrap_methods
         | 
| 44 | 
            -
                  logger.info 'Done instrumenting Random methods'
         | 
| 44 | 
            +
                  # logger.info 'Instrumenting Random methods...'
         | 
| 45 | 
            +
                  # Threatstack::Instrumentation::Frameworks::TSRandom.wrap_methods
         | 
| 46 | 
            +
                  # logger.info 'Done instrumenting Random methods'
         | 
| 45 47 |  | 
| 46 48 | 
             
                  ############################## Event Submitter ##############################
         | 
| 47 49 | 
             
                  # Start EventSubmitter asynchronously
         | 
| @@ -49,18 +51,20 @@ module Threatstack | |
| 49 51 | 
             
                  Threatstack::Jobs::EventSubmitter.instance.start
         | 
| 50 52 | 
             
                  logger.info 'Started Event Submitter'
         | 
| 51 53 |  | 
| 52 | 
            -
                   | 
| 53 | 
            -
             | 
| 54 | 
            -
             | 
| 55 | 
            -
                     | 
| 56 | 
            -
             | 
| 57 | 
            -
             | 
| 58 | 
            -
             | 
| 59 | 
            -
             | 
| 60 | 
            -
             | 
| 61 | 
            -
             | 
| 62 | 
            -
             | 
| 63 | 
            -
                    Threatstack:: | 
| 54 | 
            +
                  if(!DETECT_ATTACKS_ONLY)     
         | 
| 55 | 
            +
                    ##############################  Delayed Tasks  ##############################
         | 
| 56 | 
            +
                    # Gather environment and dependency info asynchronously      
         | 
| 57 | 
            +
                    Threatstack::Jobs::DelayedJob.new(logger, 5) do
         | 
| 58 | 
            +
                      dep_event = Threatstack::Events::DependencyEvent.new
         | 
| 59 | 
            +
                      # submit dependency event
         | 
| 60 | 
            +
                      Threatstack::Jobs::EventSubmitter.instance.queue_event dep_event
         | 
| 61 | 
            +
                      # submit environment event
         | 
| 62 | 
            +
                      Threatstack::Jobs::EventSubmitter.instance.queue_event Threatstack::Events::EnvironmentEvent.new
         | 
| 63 | 
            +
                    end
         | 
| 64 | 
            +
                    # Report Rails config once it's loaded
         | 
| 65 | 
            +
                    Threatstack::Jobs::DelayedJob.new('DelayedConfig', 20) do
         | 
| 66 | 
            +
                      Threatstack::Instrumentation::Frameworks::TSRails.report_application_config
         | 
| 67 | 
            +
                    end
         | 
| 64 68 | 
             
                  end
         | 
| 65 69 |  | 
| 66 70 | 
             
                  logger.info 'Initialization done for agent'
         | 
| @@ -71,4 +75,4 @@ module Threatstack | |
| 71 75 | 
             
                  self.init unless DISABLED || MANUAL_INIT
         | 
| 72 76 | 
             
                end
         | 
| 73 77 | 
             
              end
         | 
| 74 | 
            -
            end
         | 
| 78 | 
            +
            end
         | 
| @@ -14,7 +14,20 @@ module Threatstack | |
| 14 14 | 
             
                @@logger = Threatstack::Utils::TSLogger.create 'CommonInstrumentation'
         | 
| 15 15 | 
             
                @@submitter = Threatstack::Jobs::EventSubmitter.instance
         | 
| 16 16 |  | 
| 17 | 
            +
                def self.is_filtered_event(file_path)
         | 
| 18 | 
            +
                  return false if FILTER_BY_PATH.nil?
         | 
| 19 | 
            +
                  return false if file_path.nil?
         | 
| 20 | 
            +
             | 
| 21 | 
            +
                  # loop over filtered paths to check if there's a match
         | 
| 22 | 
            +
                  filtered = FILTER_BY_PATH.any? do |path|
         | 
| 23 | 
            +
                    file_path.include? path
         | 
| 24 | 
            +
                  end
         | 
| 25 | 
            +
                  filtered
         | 
| 26 | 
            +
                end
         | 
| 27 | 
            +
             | 
| 17 28 | 
             
                def self.create_instrumentation_event(module_name, method_name, file_path, line_num, arguments)
         | 
| 29 | 
            +
                  return if is_filtered_event(file_path)
         | 
| 30 | 
            +
             | 
| 18 31 | 
             
                  data = {
         | 
| 19 32 | 
             
                    :module_name => module_name,
         | 
| 20 33 | 
             
                    :method_name => method_name,
         | 
    
        data/lib/jobs/event_submitter.rb
    CHANGED
    
    | @@ -61,10 +61,13 @@ module Threatstack | |
| 61 61 | 
             
                    headers = {
         | 
| 62 62 | 
             
                      'Content-Type' => 'application/json',
         | 
| 63 63 | 
             
                      'bluefyre-agent-id' => AGENT_ID,
         | 
| 64 | 
            -
                      'bluefyre-agent-instance-id' => AGENT_INSTANCE_ID
         | 
| 64 | 
            +
                      'bluefyre-agent-instance-id' => AGENT_INSTANCE_ID,
         | 
| 65 | 
            +
                      'bluefyre-agent-version' => AGENT_VERSION,
         | 
| 66 | 
            +
                      'bluefyre-agent-type' => RUBY
         | 
| 65 67 | 
             
                    }
         | 
| 66 68 | 
             
                    http = Net::HTTP.new(uri.host, uri.port)
         | 
| 67 69 | 
             
                    http.use_ssl = true
         | 
| 70 | 
            +
                    http.max_retries=0 # don't attempt to retry if the request fails
         | 
| 68 71 | 
             
                    http.verify_mode = OpenSSL::SSL::VERIFY_NONE
         | 
| 69 72 | 
             
                    req = Net::HTTP::Post.new(uri.request_uri, headers)
         | 
| 70 73 | 
             
                    req.body = json_payload
         | 
| @@ -5,7 +5,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib) | |
| 5 5 |  | 
| 6 6 | 
             
            Gem::Specification.new do |spec|
         | 
| 7 7 | 
             
              spec.name          = 'threatstack-agent-ruby'
         | 
| 8 | 
            -
              spec.version       = '0.2. | 
| 8 | 
            +
              spec.version       = '0.2.3'
         | 
| 9 9 | 
             
              spec.authors       = ['Threat Stack Inc']
         | 
| 10 10 | 
             
              spec.email         = ['support@threatstack.com']
         | 
| 11 11 | 
             
              spec.summary       = 'Ruby version of the ThreatStack agent which helps identify security vulnerabilities at runtime'
         | 
| @@ -15,6 +15,10 @@ Gem::Specification.new do |spec| | |
| 15 15 | 
             
                "LICENSE"
         | 
| 16 16 | 
             
              ]
         | 
| 17 17 | 
             
              spec.required_ruby_version = '>= 1.8.7'
         | 
| 18 | 
            +
              spec.description = <<-EOS
         | 
| 19 | 
            +
            Ruby version of the [Threat Stack](https://www.threatstack.com) agent which helps identify security vulnerabilities at runtime. Refer detailed instructions on how to install the Threat Stack agent [here](https://threatstack.zendesk.com/hc/en-us/articles/360039993431). All components of this product are - Copyright (c) 2021 Threatstack, Inc.  All rights reserved.Certain inventions disclosed in this file may be claimed within patents owned or patent applications filed by Threatstack, Inc. or third parties. The Threatstack Ruby agent also uses code from the following open source projects under the following licenses:
         | 
| 20 | 
            +
              libinjection               http://opensource.org/licenses/BSD-3-Clause
         | 
| 21 | 
            +
            EOS
         | 
| 18 22 |  | 
| 19 23 | 
             
              spec.files         = Dir.chdir(File.expand_path(__dir__)) do
         | 
| 20 24 | 
             
                `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^((test|spec|features|)/|Gemfile_release|Rakefile|README.md|.gitlab-ci.yml|.rubocop.yml|Gemfile.lock|.gitignore)}) }
         | 
    
        metadata
    CHANGED
    
    | @@ -1,14 +1,14 @@ | |
| 1 1 | 
             
            --- !ruby/object:Gem::Specification
         | 
| 2 2 | 
             
            name: threatstack-agent-ruby
         | 
| 3 3 | 
             
            version: !ruby/object:Gem::Version
         | 
| 4 | 
            -
              version: 0.2. | 
| 4 | 
            +
              version: 0.2.3
         | 
| 5 5 | 
             
            platform: ruby
         | 
| 6 6 | 
             
            authors:
         | 
| 7 7 | 
             
            - Threat Stack Inc
         | 
| 8 8 | 
             
            autorequire: 
         | 
| 9 9 | 
             
            bindir: bin
         | 
| 10 10 | 
             
            cert_chain: []
         | 
| 11 | 
            -
            date: 2021- | 
| 11 | 
            +
            date: 2021-11-12 00:00:00.000000000 Z
         | 
| 12 12 | 
             
            dependencies:
         | 
| 13 13 | 
             
            - !ruby/object:Gem::Dependency
         | 
| 14 14 | 
             
              name: network_interface
         | 
| @@ -150,7 +150,9 @@ dependencies: | |
| 150 150 | 
             
                - - ">="
         | 
| 151 151 | 
             
                  - !ruby/object:Gem::Version
         | 
| 152 152 | 
             
                    version: '0'
         | 
| 153 | 
            -
            description: 
         | 
| 153 | 
            +
            description: |
         | 
| 154 | 
            +
              Ruby version of the [Threat Stack](https://www.threatstack.com) agent which helps identify security vulnerabilities at runtime. Refer detailed instructions on how to install the Threat Stack agent [here](https://threatstack.zendesk.com/hc/en-us/articles/360039993431). All components of this product are - Copyright (c) 2021 Threatstack, Inc.  All rights reserved.Certain inventions disclosed in this file may be claimed within patents owned or patent applications filed by Threatstack, Inc. or third parties. The Threatstack Ruby agent also uses code from the following open source projects under the following licenses:
         | 
| 155 | 
            +
                libinjection               http://opensource.org/licenses/BSD-3-Clause
         | 
| 154 156 | 
             
            email:
         | 
| 155 157 | 
             
            - support@threatstack.com
         | 
| 156 158 | 
             
            executables: []
         |